does that computer have a tpm ?
On Tue, May 14, 2013 at 9:46 PM, Burke, John <[email protected]>wrote: > ** > I'll give it a shot. Thanks. They look very microsoft specific. > > This doesn't exist in my wbem for example.. > root\CIMV2\Security\MicrosoftVolumeEncryption > isn't a valid namespace. > > > > ------------------------------ > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Niall Brady > *Sent:* Tuesday, May 14, 2013 3:54 PM > *To:* mdtosd > *Subject:* Re: [MDT-OSD] RE: OSD - TS - Question - Can you use a registry > check condition whilst in winpe or do you have to use some other kind? > > that script checks for encryption while in WinPE, all those checks are > done before the HTA displays (in WinPE) > so go ahead and test it in WinPE by running the script in a command prompt > > > On Tue, May 14, 2013 at 6:17 PM, Burke, John <[email protected]>wrote: > >> ** >> That is probably exactly what happened. >> >> So currently my zero touch has access to the system outside of winpe - so >> it's easy to tell if the mcafee endpoint encryption software is installed. >> >> >> Any suggestions as to how i would detect this from pxe to begin with? I >> kknow it has to be done way earlly or everythign will crap out soon as it >> has to touch the c drive. >> >> Nail suggested the new cf12 hta as it has some scripts to detect >> encryption with bitlocker. >> >> I "think" its via the "isvolumnencrpted.wsf" script. which looks like it >> relies on wmi. >> >> ****** >> <job id="IsEncrypted"> >> <script language="VBScript" src="..\ZTIUtility.vbs"/> >> <script language="VBScript"> >> >> Dim oTSProgressUI >> set oTSProgressUI = CreateObject("Microsoft.SMS.TSProgressUI") >> oTSProgressUI.CloseProgressDialog() >> >> >> strComputer = "." >> Set objWMIService = GetObject("winmgmts:\\" & strComputer & >> "\root\CIMV2\Security\MicrosoftVolumeEncryption") >> Set colItems = objWMIService.ExecQuery( _ >> "SELECT * FROM Win32_EncryptableVolume",,48) >> For Each objItem in colItems >> x=objItem.ProtectionStatus >> >> >> Next >> >> Dim oShell >> Set oShell = CreateObject("WScript.Shell") >> >> oEnvironment.Item("Drive_Protected") = False >> >> retCode = x >> >> msgbox "0=Protection OFF" & vbCrLf & "1= Protection ON" & vbCrLf & >> "2=Protection Unknown" & vbCrLf & vbCrLf & "Protection Status Return >> code is:" & retcode,0, "Checking If Volume is Encrypted" >> >> If(retCode = 2) OR (retCode = 1) Then >> oEnvironment.Item("Drive_Protected") = True >> End If >> >> WScript.Quit(0) >> </script> >> </job> >> **** >> >> BUT this must be getting called in the OS. I need something that can be >> called in winpe. Or maybe I should simply just call something and let the >> tech decide if it's encrypted? >> >> ------------------------------ >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Michael Niehaus >> *Sent:* Monday, May 13, 2013 11:34 PM >> *To:* [email protected] >> *Subject:* [MDT-OSD] RE: OSD - TS - Question - Can you use a registry >> check condition whilst in winpe or do you have to use some other kind? >> >> Well, you could probably include registry checks but they would be >> checking the Windows PE registry, not the old OS registry, so I doubt that >> would do you much good J**** >> >> **** >> >> Thanks,**** >> >> -Michael**** >> >> **** >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Burke, John >> *Sent:* Monday, May 13, 2013 6:05 PM >> *To:* [email protected] >> *Subject:* [MDT-OSD] OSD - TS - Question - Can you use a registry check >> condition whilst in winpe or do you have to use some other kind?**** >> >> **** >> >> I'm guessing hte answer is yes, but i'm just doing a sanity check since I >> couldn't find anything on line about it.**** >> >> **** >> >> When doing zero touch i have a few variables set based on registry keys >> existing in wow6432node and software node. **** >> >> **** >> >> they skipped right past them when the same check was tried in winpe. **** >> >> **** >> >> Wondering what checks I can use. File system and wmi checks only?**** >> >> >
